package current.security.tag;

import java.util.Map;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import platform.util.Util;
import current.security.access.AccessValidateService;

/**
 * Access control tag which evaluates its body based either on
 * <ul>
 * <li>an access expression (the "access" attribute), or</li>
 * <li>by evaluating the current user's right to access a particular URL (set using the "url" attribute).</li>
 * </ul>
 * @author Luke Taylor
 * @since 3.0
 */
public class MyAuthorizeTag extends TagSupport {
    /**
	 * 
	 */
	private static final long serialVersionUID = 1L;
    private String url;

    @SuppressWarnings("unchecked")
	public int doStartTag() throws JspException {
    	Map<String, String> map = (Map<String, String>)pageContext.getServletContext().getAttribute("urlAuthorities");
    	AccessValidateService accessValidateService = (AccessValidateService) Util.getService("accessValidateService",pageContext.getServletContext());
    	String result = accessValidateService.isAllowAccess(map, (Map<String, Object>)pageContext.getSession().getAttribute("user"), url);
    	if(result != null && (result != null && (result.equals("REJECT") || result.equals("ACCEPT")))){
    		return EVAL_BODY_INCLUDE;
    	}
        return SKIP_BODY;
    }

	public String getUrl() {
		return url;
	}

	public void setUrl(String url) {
		this.url = url;
	}
}
